Frequently Asked Questions

How can I generate a certificate signing request
Last Updated 5 years ago

A certificate signing request provides a secure method of applying for a digital identity certificate to a certificate authority.

Go to menu "Configuration :: System :: Certificates Management" and click on the "Pending Requests" tab

Press the "New request" button to issue a new certificate request.

image

The options available for the request are:
  • the DN in the two forms (provide the full DN directly or form it using the proposed DN parts)
  • the key size in bits
  • and a Name used to distinguish this request from any other pending requests
NOTE: The name provided is used as the CN of the certificate and must be the same as the server's hostname, as advertised by the server. If a pending request already exists by the same name, use a different name and select "Subject" to provide a full DN that contains that hostname as CN (Common Name) part.
image

Fill the form and press the Generate Request.

This will generate a private key file that will remain on the server until the issued certificate
is imported back to the system and stored in the certificate repository and a certificate signing request.
The request is displayed as a Base64 encoded PKCS#10.

image

The request must be sent to the certificate authority, accompanied by other credentials or proofs of identity required, and the certificate authority may contact the applicant for further information.
A CA should examine the request and If the request is successful, the certificate authority will send back an identity certificate that has been digitally signed using the private key of the certificate authority.

After obtaining the certificate, come back to this page (Configuration :: System :: Certificates Management), click on the request, and then click on the "Import Pending Request Certificate" button.

image

Provide the file obtained from the certificate authority (must be either PEM or DER encoded file), a name for the certificate, and a password that will be used to encrypt and store the private key in the certificates repository.

Finally, go to the certificate repository (Configuration :: System :: Certificates Management, Repository tab), and import the public key of the authority that issued the certificate. This will make it available for use by the services.

Please Wait!

Please wait... it will take a second!